Skip to content
Close
Demo
Client Login
Demo
Client Login

Privacy Policy

Security

TABLE OF CONTENTS
loading...

Overview

Last modified May 18, 2026

At eBacon, protecting customer data is fundamental to our platform, operations, and company culture. This applies to all eBacon customers including our industry focus of construction firms, contractors, and payroll administrators. eBacon continues to set itself apart in the payroll industry with an uncompromising focus on security because it is fundamental to our business operations involving certified payroll, labor compliance, prevailing wage, and workforce information. We recognize the sensitivity of this data and maintain rigorous security controls designed to safeguard customer information, personally identifiable information (PII), and system integrity.

eBacon's security architecture, operational procedures, and internal controls are designed to align with — and in several areas exceed — commonly accepted industry security practices for SaaS providers handling sensitive payroll and compliance data. 

 

Security Governance & Operational Controls

eBacon maintains comprehensive internal security policies and operational procedures governing:

  • Access management and least-privilege authorization
  • Secure software development practices
  • Infrastructure monitoring and threat detection
  • Data encryption and secure transmission
  • Change management and deployment controls
  • Incident response and recovery procedures
  • Employee security awareness and administrative safeguards
  • Vendor and infrastructure risk management

Access to production systems and customer data is restricted to authorized personnel with legitimate business need, and governed through role-based access controls, credential management policies, and multi-factor authentication requirements.

Infrastructure & Hosting Security

eBacon operates on enterprise-grade cloud infrastructure providers that maintain independently audited security programs and physical data center protections. Our hosting environments leverage modern security controls including:

  • Network segmentation and firewall protections
  • Continuous infrastructure monitoring
  • Encrypted communications using TLS
  • Encryption of sensitive data at rest
  • Redundant backup and recovery mechanisms
  • Availability and resiliency protections
  • Secure administrative access controls


Production environments are isolated from development and testing environments to reduce operational risk and protect customer information.

 

Application Security

Security is integrated throughout the eBacon software development lifecycle. Our engineering and operational practices include:

  • Controlled code deployment procedures
  • Authentication and authorization safeguards
  • Regular software updates and security patching
  • Logging and audit visibility for critical system activity
  • Principle-of-least-privilege design standards
  • Validation and protection against common web application threats

Access to customer environments is tightly controlled, monitored, and limited to approved support and essential operational requirements.

Data Protection & Privacy

eBacon is designed to securely process sensitive payroll and workforce information, including data subject to labor compliance and prevailing wage regulations. We implement administrative, technical, and procedural safeguards intended to protect customer data against unauthorized access, disclosure, alteration, or destruction.

Customer data is:

  • Encrypted during transmission and at rest
  • Protected through authenticated access controls
  • Stored within secured infrastructure environments
  • Backed up using controlled recovery procedures
  • Accessible only to authorized personnel under defined operational policies

We maintain strict confidentiality expectations for employees and contractors with access to sensitive systems or information.

Monitoring & Incident Response

eBacon maintains operational monitoring and incident management procedures intended to identify, investigate, and respond to security events in a timely manner. Our internal processes include:

  • System and infrastructure monitoring
  • Security event logging and alerting
  • Access auditing and review procedures
  • Incident escalation workflows
  • Recovery and continuity planning

In the event of a confirmed security incident affecting customer data, eBacon will act promptly to investigate, mitigate impact, and communicate appropriately with affected customers in accordance with applicable contractual and legal obligations.

Continuous Improvement

 Security is an ongoing process. eBacon continually evaluates and enhances its security posture as customer expectations, regulatory requirements, and industry threats evolve. We regularly review our operational controls, infrastructure practices, and development procedures to maintain a high standard of protection for customer data and platform reliability. 

 

This security statement is not an AICPA SOC2 attestation.